Results 1 - 10 of 19
Secret Key Agreement by Public Discussion From Common Information
IEEE Transactions on Information Theory, 1993
Cited by 253 (18 self)
The problem of generating a shared secret key S by two parties knowing dependent random variables X and Y, respectively, but not sharing a secret key initially, is considered. An enemy who knows the random variable Z, jointly distributed with X and Y according to some probability distribution $P_{XYZ}$, can also receive all messages exchanged by the two parties over a public channel. The goal of a protocol is that the enemy obtains at most a negligible amount of information about S. Upper bounds on H(S) as a function of $P_{XYZ}$ are presented. Lower bounds on the rate $H(S)/N$ (as $N \to \infty$) are derived for the case where $X = [X_1, \ldots, X_N]$, $Y = [Y_1, \ldots, Y_N]$ and $Z = [Z_1, \ldots, Z_N]$ result from N independent executions of a random experiment generating $X_i$, $Y_i$ and $Z_i$, for $i = 1, \ldots, N$. In particular it is shown that such secret key agreement is possible for a scenario where all three parties receive the output of a binary symmetric source over independent binary symmetr...
Experimental Quantum Cryptography
Journal of Cryptology, 1992
Cited by 198 (20 self)
We describe results from an apparatus and protocol designed to implement quantum key distribution, by which two users, who share no secret information initially: 1) exchange a random quantum transmission, consisting of very faint flashes of polarized light; 2) by subsequent public discussion of the sent and received versions of this transmission estimate the extent of eavesdropping that might have taken place on it, and finally 3) if this estimate is small enough, distill from the sent and received versions a smaller body of shared random information, which is certifiably secret in the sense that any third party's expected information on it is an exponentially small fraction of one bit. Because the system depends on the uncertainty principle of quantum physics, instead of usual mathematical assumptions such as the difficulty of factoring, it remains secure against an adversary with unlimited computing power. A preliminary version of this paper was presented at Eurocrypt '90, May 21 ...
Using Secure Coprocessors
1994
Cited by 152 (8 self)
The views and conclusions in this document are those of the authors and do not necessarily represent the official policies or endorsements of any of the research sponsors. How do we build distributed systems that are secure? Cryptographic techniques can be used to secure the communications between physically separated systems, but this is not enough: we must be able to guarantee the privacy of the cryptographic keys and the integrity of the cryptographic functions, in addition to the integrity of the security kernel and access control databases we have on the machines. Physical security is a central assumption upon which secure distributed systems are built; without this foundation even the best cryptosystem or the most secure kernel will crumble. In this thesis, I address the distributed security problem by proposing the addition of a small, physically secure hardware module, a secure coprocessor, to standard workstations and PCs. My central axiom is that secure coprocessors are able to maintain the privacy of the data they process. This thesis attacks the distributed security problem from multiple sides. First, I analyze the security properties of existing system components, both at the hardware and
Perfect Cryptographic Security from Partially Independent Channels
Proc. 23rd ACM Symposium on Theory of Computing, 1991
Cited by 16 (2 self)
Several protocols are presented that allow two parties Alice and Bob not sharing any secret information initially (except possibly a short key to be used for authentication) to generate a long shared secret key such that even an enemy Eve with unlimited computing power is unable to obtain a nonnegligible amount of information (in Shannon's sense) about this key. Two different models are considered. In a first model we assume that Alice can send information to Bob over a noisy main channel but that Eve is able to receive the same information over a parallel independent noisy channel from Alice to Eve. In a second, more general model we assume that Alice, Bob and Eve receive the output of a random source (e.g., a satellite broadcasting random bits) over three independent individual channels. The condition that the channels be independent can be replaced by the condition that they be independent only to a known, arbitrarily small degree. We demonstrate that even when Eve's channel is sup...
Quantum cryptography with coherent states
Physical Review A, 1995
Cited by 14 (1 self)
The safety of a quantum key distribution system relies on the fact that any eavesdropping attempt on the quantum channel creates errors in the transmission. For a given error rate, the amount of information that may have leaked to the eavesdropper depends on both the particular system and the eavesdropping strategy. In this work, we discuss quantum cryptographic protocols based on the transmission of weak coherent states and present a new system, based on a symbiosis of two existing ones, and for which the information available to the eavesdropper is significantly reduced. This system is therefore safer than the two previous ones. We also suggest a possible experimental implementation.
Sorting Out Zero-Knowledge
1990
Cited by 12 (4 self)
this paper is to explain the various notions involved and to offer a new terminology that emphasizes their differences. There are two orthogonal aspects to zero-knowledge interactive proofs. One is the notion of zero-knowledge and the other is the notion of interactive proof. Unfortunately, these two notions are often thought to be inseparable. This confusion is reminiscent of the long lasting confusion among many people between public-key encryption and digital signature. It is clear that interactive proofs make sense independently of zero-knowledge (after all, Babai's Arthur-Merlin games [Ba] were invented independently of [GMR1]), but it is more subtle to see that a protocol could be zero-knowledge without being an interactive
Remote Electronic Gambling
13th Annual Computer Security Applications Conference, 1997
Cited by 9 (0 self)
We examine the problem of putting a casino on the Internet. We discuss fairly generating random bits and permutations for use in casino games, protecting against player/player and player/dealer collusions, and ensuring a secure audit trail that both the player and dealer can use to ensure payment of debts. We conclude with a series of open problems.
On-Line Multiple Secret Sharing
1996
Cited by 7 (0 self)
A protocol for computationally secure "on-line" secret-sharing is presented, based on the intractability of the Diffie-Hellman problem, in which the participants' shares can be reused. Introduction. Cachin [1] presents a protocol for "on-line" secret sharing with general access structures, with shares as short as the secret and in which participants may be dynamically added or deleted without having to redistribute new shares secretly to the existing participants. These capabilities are gained by storing additional authentic, but not secret, information in a publicly accessible central location. This proposal does not allow the shares to be reused after the secret has been reconstructed without a further distributed computation subprotocol, although there is a modification allowing a predetermined number of multiple secrets to be reconstructed in a specified order. In this letter we present a modification of the protocol which allows for an arbitrary number of secrets to be ...
About Polynomial-Time "unpredictable" Generators
Cited by 5 (2 self)
So-called "perfect" or "unpredictable" pseudorandom generators have been proposed recently by people from the area of cryptology. Many people got aware of them from an optimistic article in the New York Times (Gleick (1988)). These generators are usually based on nonlinear recurrences modulo some integer m. Under some (yet unproven) complexity assumptions, it has been proven that no polynomial-time statistical test can distinguish a sequence of bits produced by such a generator from a sequence of truly random bits. In this paper, we give some theoretical background concerning this class of generators and we look at the practicality of using them for simulation applications. We examine in particular their ease of implementation, their efficiency, periodicity, the ease of jumping ahead in the sequence, the minimum size of modulus that should be used, etc. 1. INTRODUCTION In the recent years, a growing interest has raised for "cryptographically strong" (or "perfect", or "unpredictable"...
Technological facilitation of terrorism: definitional, legal and policy issues
American Behavioral Scientist, 2002
Cited by 2 (0 self)
This article notes the difficulty in defining cyberterrorism and several problems associated with identifying the potential misuses of the Internet and the World Wide Web by terrorist groups. In particular, the use of digital steganography has recently been identified as an emerging and alarming trend by law enforcement and intelligence agencies. This technological innovation is used as a case study of the complexities surrounding cyberterrorism, its definition, and how democracies can deal with these advances in communication technology. Supplementing this discussion is a review of the various social, regulatory, and legal forms of social intervention related to controlling electronic communications. The conclusion of this article includes an analytical framework from which additional research into these issues could be conducted and suggests how policy solutions for said complexities could be formulated. Terrorism, let alone cyberterrorism, is a very difficult subject to understand. As with the Internet itself, when one approaches any semblance of an intellectually satisfying level of analytical rigor, the subject metamorphoses, thus negating efforts at objectively defining or understanding it. We wrestle with this